General
-
Target
d5afcefbb46ea1a2b976c534da37a9be_JaffaCakes118
-
Size
3.1MB
-
Sample
240909-flhcxssfnq
-
MD5
d5afcefbb46ea1a2b976c534da37a9be
-
SHA1
a03631a062fb939c524420a04a278ef89a578c8d
-
SHA256
2139c391a586bdfabb1d6c2627c19e2b1bc4e91629bc7fe986a18ed1c09ea5e8
-
SHA512
537b85d53f3cd1ee2b50f3b8142043938079f3a1d76cf3a13f468e0901c51e10298d14e1f4c6734266a65f1be8ab0d637b91211dcfa8e97016560d181bdb114c
-
SSDEEP
49152:7q6O4SEDzCG0DPUf0w0Pelu8G5Uoa59c3javfA72lDKazLOvzDq6B:79qgzCG0bUfGPeoVOoa59+valDKa066B
Malware Config
Targets
-
-
Target
d5afcefbb46ea1a2b976c534da37a9be_JaffaCakes118
-
Size
3.1MB
-
MD5
d5afcefbb46ea1a2b976c534da37a9be
-
SHA1
a03631a062fb939c524420a04a278ef89a578c8d
-
SHA256
2139c391a586bdfabb1d6c2627c19e2b1bc4e91629bc7fe986a18ed1c09ea5e8
-
SHA512
537b85d53f3cd1ee2b50f3b8142043938079f3a1d76cf3a13f468e0901c51e10298d14e1f4c6734266a65f1be8ab0d637b91211dcfa8e97016560d181bdb114c
-
SSDEEP
49152:7q6O4SEDzCG0DPUf0w0Pelu8G5Uoa59c3javfA72lDKazLOvzDq6B:79qgzCG0bUfGPeoVOoa59+valDKa066B
Score8/10-
Blocklisted process makes network request
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
-
-
Target
$PLUGINSDIR/ShellExecAsUser.dll
-
Size
83KB
-
MD5
0f2f0c6e86ed89e355be8b39e159fad0
-
SHA1
970a0f7df2a32325019a8c24de592beec490d63e
-
SHA256
e79fcb76e289709cf59c7d73a6d142193cdd3a94c1b5f318d320e52dcc76daf9
-
SHA512
ab5223e6aec8b94151e595d788c77686a31f00615b5e1de02b07aa7c5e439a90ed8333f4bbc0fe1c50baa6e3b36404f972249aafd148bbf3a60fe302cac761dc
-
SSDEEP
1536:T1kYvp+3iQfAsjms/38JWfLydNiZwEc0boX9TsWjcdNleSVgzlW:prRvQ4sKs/34s/icN3VghW
Score3/10 -
-
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
4206ac12a66dd61b2913f158488db070
-
SHA1
589a65a8f2b40d9e821e47bc66fd5bb3848d6f77
-
SHA256
4b722e1b2445fe8030194ba2ae1f573bc8e13dc3c028ce22312ea9848c584449
-
SHA512
a6a1bd423f222dd28277831eb01a14179ea67fb4d7c2b498cf0684185caf7d44a1378faf3a3933a6ce5bed5f5824d011b4a0f6558c3b5d8e84cb5a2bfe455a67
-
SSDEEP
96:o8dPIKJhMuhik+CfoEwknt6io8zv+qy5/utta/P3lkCTcaqHCI:1ZIKXgk+cx6QYFkAvlncviI
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
11KB
-
MD5
3e6bf00b3ac976122f982ae2aadb1c51
-
SHA1
caab188f7fdc84d3fdcb2922edeeb5ed576bd31d
-
SHA256
4ff9b2678d698677c5d9732678f9cf53f17290e09d053691aac4cc6e6f595cbe
-
SHA512
1286f05e6a7e6b691f6e479638e7179897598e171b52eb3a3dc0e830415251069d29416b6d1ffc6d7dce8da5625e1479be06db9b7179e7776659c5c1ad6aa706
-
SSDEEP
192:eP24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlbSl:T8QIl975eXqlWBrz7YLOlb
Score3/10 -
-
-
Target
$PLUGINSDIR/md5dll.dll
-
Size
6KB
-
MD5
7059f133ea2316b9e7e39094a52a8c34
-
SHA1
ee9f1487c8152d8c42fecf2efb8ed1db68395802
-
SHA256
32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
-
SHA512
9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
-
SSDEEP
96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT
Score7/10-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
dbdbf4017ff91c9de328697b5fd2e10a
-
SHA1
b597a5e9a8a0b252770933feed51169b5060a09f
-
SHA256
be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
-
SHA512
3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
-
SSDEEP
96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Score3/10 -
-
-
Target
$TEMP/$_83_/InstSupp.dll
-
Size
532KB
-
MD5
db7a29024203548761c4f49f9fb02d8d
-
SHA1
609e026502e0c3d6a4a79e1ffc11a511b1e4dfdf
-
SHA256
2b010f02e0d9bf7411bc23eeaa6824ad446382ad9a413b7f56ac75060bb034cc
-
SHA512
d71bca1796a32d8b8850326b2a0a9bf7fedb270d10ef193b5d13736319b512bdea115ebdd6cfe7f6eee8e1618d7f192636b0cf986d44026a1164912b3329de5b
-
SSDEEP
12288:eJ/aRnvWbKAsGcai6tmh058mcV7WRY8eSMl3eyR7t3l/krx5M:emv2KAsGcai6tmhCowR/sNVFJQ5M
Score3/10 -
-
-
Target
FireFox/bootstrap.js
-
Size
11KB
-
MD5
4ceb7dfccc418f4a220e41e0e3b5244a
-
SHA1
6e4e25767afb889f516ed42308f9ee1a38c67492
-
SHA256
e9c7c14543100f703f9ee59762ed5e0ce2958acf44c93e33c89539088fdb8228
-
SHA512
647b44e9805ab99d1bcd791c51301b69738d30c49233f4a75cbfa2d9463d0a308a3ed2b7294a53d3258081061f71f6ba7be8f47712d4e5e78d54a916897c28cd
-
SSDEEP
192:fy5ZY6esa/XFee6DKdawc38ZY9bk300jAVwaP:SXeR/fawc5ZiAVfP
Score3/10 -
-
-
Target
FireFox/content/html/popup.html
-
Size
734B
-
MD5
c929c4ef17977667affa3fbf2308d429
-
SHA1
8981c4dedbb7446e817e20f206b5c9e174cc0074
-
SHA256
4599c1cb8c97f841d48a003f47e6ab8b7b8f720448129183c4499812468377eb
-
SHA512
1831fb44ec6c9ff32fe21386023d4f0229d85844b09ed28975b65e5aba6eb81c6a0f783a7e023f966cc90082191ea4d5df5c3f803f2764181461433ce38935ad
Score3/10 -
-
-
Target
FireFox/content/js/uid.js
-
Size
41B
-
MD5
0460abfa86a3c928cfd26d3af6b17188
-
SHA1
551732701651d8ecd2847a9db6a557aef32b1539
-
SHA256
074dc1633ac3a5118053e509bd2d285635c9d946275431489bbfdcf26f26c8c3
-
SHA512
fbb386513ecdee0b096c5d75830a1cc25afe1c2b724f53bfb7f4d73312bc52f3dcbb953b47da05121ef21b76a734896063b8043ad3b63785a605cf7df2263258
Score3/10 -
-
-
Target
Modules/7z.dll
-
Size
893KB
-
MD5
04ad4b80880b32c94be8d0886482c774
-
SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0
-
SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
-
SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb
-
SSDEEP
24576:TW+wsDaQw6DDz3qRyPnmGfrnvVUKueY8RmneWtJ:TasY6DwOBfrnvV7UeWt
Score3/10 -
-
-
Target
Modules/ArSp.dll
-
Size
38KB
-
MD5
ff48d0953b5d8cc457fb95f0875f65d1
-
SHA1
46563981f88a736448b8347f70fa54083165e21d
-
SHA256
29cc10774cff58d604bf705d18ec2ed3513a52b4143045cfeac749199e4efb50
-
SHA512
d987c1aee2008d10a50fd73eaf181e2ac88bdf0661a297f949179934e87f962a9ea04c621a32c5989d785965c8dad5d06bdca959ebb22d6de762173b64c700e7
-
SSDEEP
768:p/PidxjnQyslT/FwAR0YzNjMLwnTScciD:1PidtnPgrFwCzNoMnTS3iD
Score3/10 -
-
-
Target
Modules/BdUdr.dll
-
Size
57KB
-
MD5
0c91786871f3973fce454e3354928b9c
-
SHA1
264038c56fffa280ad7746c00039971ad59df9fd
-
SHA256
6f45ab843b50227dfa6abc4a23a6355c2c7b65f14820bc81aa0c20c201aa4b15
-
SHA512
89176e079588e2fcba75cf3e04aada2adc88dd565acd388ed2a75e703a05564aae917685fc0df2864cb66342eab4f30304f577984fde073b62e43c4efc6537d9
-
SSDEEP
1536:8izk89A8AXKsjKrPjkj63XIyMx283/pnQ+P4TS3iBlK:jzk8W1okj63XIDx283/pnBFCw
Score3/10 -
-
-
Target
Modules/BrSp.dll
-
Size
115KB
-
MD5
2f9ffa8c921eac121529dd94298c0f0b
-
SHA1
dc888cb5dbd0080e925569ae0bda2e8e98c0e276
-
SHA256
7bf1503a5fadd3dfa6ccf5d590c91cd48f7a60a479608e043fcffe9c26ba1efc
-
SHA512
3634966ebc632918f079b234f601e48bfaae15240ece785a410e3cad3989c0a6cf0e287bd0a2088c5c48e0f439e3f1d6ffd126874780f94524f3a4b97e0471fa
-
SSDEEP
3072:Z/zpmVI4b7qjQv1blKL/8GicUYnn/o+HHd2/oO4:tpmVzXqjCblClnA+nd2/ob
Score3/10 -
-
-
Target
Modules/CdPrc.dll
-
Size
90KB
-
MD5
4a1bc828fc83a96bb51cf90c62a8b496
-
SHA1
c0b06c8a0f882736b187a4d3b5ad32c84c798b3a
-
SHA256
b19c4a1274b4d34e6b05d79b2f4013bf7a099081a5af78f6598a8b241235db9b
-
SHA512
48b95a3cbd8592f14ba87dd3f113b9728ff72bbd5ab0a35f44b2f53244077a9de6f21db8422a5ea952ecdbf5bf8e1a91bcf4aea44bf14903b25a2d731c69ba03
-
SSDEEP
1536:HX7wnCjGy1zLNbTVyxFQQgwyJ3lKDmPOXQtsWhDgI5AWdkBkD/c3bUyTS3iar:Hr5GydTV0QQglJ3kAtsWhDglWdkyD/cm
Score3/10 -
-
-
Target
Modules/Core.dll
-
Size
106KB
-
MD5
c92c1cafd1ebfc66f4d9bf84237c60e3
-
SHA1
e5eebb6a387305c84f007d6c775675527056c5c9
-
SHA256
e7bd068ec4231eff002266024190e8652314e7b34f0e86c063770d93f08585c2
-
SHA512
7d610738a690bf3d4c60695c414b3d1418cccd833bdb33b767f937ebd3a8c9abb4f37ff5b41b7d9f08234229a673427d8e63acaf604d60b301f631581242ef72
-
SSDEEP
3072:0ZYCVPJG1mLWSYVgFWTNl2NJuua8I/+/VZM4vX0g/:0ZYCftSSYSFu4Juua8I/+/VZM4vXx
Score3/10 -